IT Excuse Generator

Feeds
Add to Google
RSS FEED


January 12, 2004

Change your passwords!

If you have been using the same password on every web store, every community, and web site that requires registration you might think you're making your life less complicated by making remembering that password so much easier but in actuality you're just making the work easier for script kiddies and identity thieves.

Its of paramount importance that everyone use a unique password every time they are asked to create one.

Use a password manager, create a database, word file, or at worst use a paper note pad to keep track of all your unique passwords. No matter how you decide to store your passwords make sure you have a way of securely backing it up, and keep a backup off location as well.

Personally I store my passwords in an encrypted database and copy it (along with my address book and some other important documents) to a SD flash card which I keep in my wallet.

I bring up this password suggestion now because a serious flaw has been found in many registration systems and message boards that could expose each registered user's password. Many affected script vendors have been aware of this problem for a week and have since released patches or updates to correct the problem. However this flaw is more wide spread than Cross Site Scripting vulnerabilities and affects many more sites, more than anyone could venture to guess. Furthermore, just because patches and updates have been released it doesn't mean that every webmaster will responsibly applied them any time soon.

Don't delay or put off changing your passwords. Do it right now! The security research firm that found the flaw is planning to releasing information on it and sample exploit code to BugTraq and the other security mailing lists very soon. This will allow it to be used by every script kiddie and moron with the will to use it almost immediately.

Posted in Computing & Tech News by usrbingeek at 2004-01-12 00:09 ET (GMT-5) | 0 Comments | Permalink



Comments










This web site is provided "as is" with no representations or warranties, and confer no rights. We are not liable for omissions or typographical errors contained in the content. Use at your sole risk.
The opinions expressed here do not necessarily represent any other entity or party we may have a connection or affiliation with.
usrbingeek, usr bin geek, usrbingeek.com, #!/usr/bin/geek are trademarks of usrbingeek LLC. All other trademarks and tradenames are property of their respective owners.